name: Publish native packages



on:
  workflow_dispatch:

  push:
    # Before being able to run the workflow manually, it needs to run at least
    # once via a push event.
    branches:
      - force-github-action-run
    # For now, do not run automatically on tags.
    # We are currently executing this workflow manually, via "gh workflow run".
    #tags:
    #  - 'snoopy-*.*.*'



jobs:
  publish-native-packages:

    name: Publish for ${{matrix.container}}
    runs-on: ubuntu-20.04



    ### Define the list of container images
    #
    container: ${{ matrix.container }}
    strategy:
      max-parallel: 1
      matrix:
        container:
          - ciready/archlinux:base-devel-ci-c

          - ciready/almalinux:8-ci-c
          - ciready/almalinux:9-ci-c

          - ciready/centos:stream-8-ci-c
          - ciready/centos:stream-9-ci-c

          - ciready/debian:buster-ci-c
          - ciready/debian:bullseye-ci-c
          - ciready/debian:bookworm-ci-c

          - ciready/opensuse:leap-15.4-ci-c
          - ciready/opensuse:leap-15.5-ci-c

          - ciready/ubuntu:20.04-ci-c
          - ciready/ubuntu:22.04-ci-c



    ###
    ### Steps to run
    ###
    steps:



      ### Fetch the code
      #
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0

      # Work around the fix for CVE-2022-24765
      - run: git config --global --add safe.directory $GITHUB_WORKSPACE || true



      ### Install required tools
      #
      - run: ./dev-tools/install-dev-software.sh
      - run: ./dev-tools/install-packaging-software.sh



      ### Archlinux "workaround"
      #
      - name: "WORKAROUND: Make makepkg run as roon on Arch Linux"
        run: |
            sed -i 's/EUID == 0/EUID == 1987/' /usr/sbin/makepkg
        if: ${{ startsWith(matrix.container, 'ciready/archlinux:') }}



      ### Set up authentication and signing keys
      #
      - name: "Setup SSH key for managing git@github.com:a2o/snoopy-packages repository"
        env:
            SSH_PRIVKEY_TO_SNOOPY_PACKAGES_REPO: ${{ secrets.SSH_PRIVKEY_TO_SNOOPY_PACKAGES_REPO }}
        run: |
            mkdir -p /root/.ssh
            echo "$SSH_PRIVKEY_TO_SNOOPY_PACKAGES_REPO" > /root/.ssh/id_rsa
            chmod 600 /root/.ssh/id_rsa
            ssh-keyscan -H github.com >> /root/.ssh/known_hosts

      - name: "Setup repository signing GPG key"
        env:
            GPG_PRIVKEY_SNOOPY_PACKAGES: ${{ secrets.GPG_PRIVKEY_SNOOPY_PACKAGES }}
        run: |
            echo "$GPG_PRIVKEY_SNOOPY_PACKAGES" | gpg --import

      - name: "Setup git commit settings"
        run: |
            git config --global user.email "publish-native-packages.workflow@snoopy.a2o.github.com"
            git config --global user.name "Publish native packages workflow @ github.com:a2o/snoopy"



      ### Build & publish
      #
      - run: ./dev-tools/build-native-package.sh
      - run: ./dev-tools/publish-native-package.sh
